惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
V2EX - 技术
V2EX - 技术
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
美团技术团队
WordPress大学
WordPress大学
博客园 - 司徒正美
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
Security Latest
Security Latest
L
LINUX DO - 最新话题
NISL@THU
NISL@THU
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Y
Y Combinator Blog
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
IT之家
IT之家
T
Threatpost
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
小众软件
小众软件
V
Vulnerabilities – Threatpost
J
Java Code Geeks
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
Arctic Wolf
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
雷峰网
雷峰网
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
Recent Announcements
Recent Announcements
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
T
Troy Hunt's Blog
MyScale Blog
MyScale Blog

Search Security Resources and Information from TechTarget

How to operationalize threat modeling with AI | TechTarget CISO First fully agentic ransomware attack sparks readiness concerns | TechTarget Evaluating secure enterprise browsers vs. security plugins | TechTarget The AI vulnerability storm is here: Is your security program ready? | TechTarget Perimeter to posture: A roadmap to zero trust maturity | TechTarget TLS certificate lifetime changes: What CISOs must do now | TechTarget The agentic AI 8 key aspects of a mobile device security audit program | TechTarget Why mobile security audits are important in the enterprise | TechTarget Beyond the perimeter: The shift to data-centric protection | TechTarget How agentic AI threat intelligence aids NGO cyber defense: Case study | TechTarget How to conduct a mobile app security audit | TechTarget NO FAKES Act advances: What CISOs need to know | TechTarget What CISOs should know about AI runtime security | TechTarget As Q-Day looms, 90% of systems are unprepared for PQC | TechTarget A CISO Most security pros say their culture is Zscaler lays out its vision to secure the AI era at Zenith Live | TechTarget The OpenClaw security risks every CISO needs to know | TechTarget Cloud security metrics and KPIs: A CISO Florida public sector training on SimSpace cyber range: Case study | TechTarget Reporters' Notebook — Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security It's time to update incident response for the AI era How to build AI security guardrails without blocking innovation The prosecution gap: Why cybercrimes go unpunished AI in cyberdefense: Learning from threat actors' playbooks Top identity and access management risks CISO role changes as cyber-risk appetites in the C-suite grow CISO's guide to data minimization Researchers build autonomous AI worm that can reason and adapt How to secure data at rest, in use and in motion How to find cyber-risk data sources for a FAIR analysis Lost in translation: Cybersecurity board reporting for CISOs How to prepare security controls for future AI regulations EO 14390 raises stakes for enterprise cybersecurity First month of Mythos Preview testing exposes 10K flaws OT attacks shift from recon to physical control, raising stakes For CISOs, dawn of OpenAI Daybreak brings good and bad news Gartner Security & Risk Management Summit 2026: Adapting for AI | TechTarget Inside business email compromise attacks: Real-world examples Verizon 2026 DBIR: 6 key takeaways for CISOs Identity security for AI agents: The proliferation challenge How to build a business impact analysis checklist Taking care of business: The CISO's role in a cyber crisis What CISOs need to know about AI audit logs SOC vs. MDR: What CISOs need to consider Instructure cyberattack reignites ransom payment debate Transform SIEM rules with behavior-based threat detection CISO's guide: How to test an incident response plan How to implement zero trust for AI Data after the breach: Economics of the dark web The breakup: Why CISOs are decoupling data from their SIEMs | TechTarget News brief: Security worries and warnings as AI use expands How to construct an effective security controls evaluation 5 leading enterprise password managers to consider Claude Mythos changes the AI security threat matrix Buyer 6 things to check in your cyber insurance policy fine print How cyber insurance helped with breach recovery -- or not News brief: Critical infrastructure, OT cybersecurity attacks Tape's strategic role in modern data protection Top zero-trust use cases in the enterprise What every CISO should consider before a SIEM migration CISO's guide to centralized vs. federated security models Shadow code: The hidden threat for enterprise IT How to fix cybersecurity's agentic AI identity crisis 5 top SIEM use cases in the enterprise Top 8 e-signature software providers for 2026 How do digital signatures work? News brief: AI woes continue for security leaders Deepfake era demands proof-based security, not just awareness Is SOAR dead or alive? Sort of The push for digital sovereignty: What CISOs need to know Beyond awareness: Human risk management metrics for CISOs Cybersecurity in the age of AI means bigger, faster threats At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government Inside the SOC that secured RSAC 2026 Conference How to improve the SOC analyst experience -- and why it matters How contact centers detect and prevent fraud News brief: Iranian cyberattacks target U.S. water, energy CISO checklist: Cybersecurity platform or marketing ploy? RSAC 2026 Conference: Key news and industry analysis | TechTarget Next-generation firewall buyer's guide for CISOs Contact center monitoring best practices for CX leaders RSAC 2026: Cyber insurance and the rise of ransomware Agentic AI's role in amplifying and creating insider risks RSAC 2026 recap: AI security and network security trends Identity security at RSAC 2026: The new enterprise dynamics Meaningful metrics demonstrate the value of cyber-resiliency What to know about red team testing and the law News brief: Iran cyberattacks escalate, U.S. targets named 5 top SOC-as-a-service providers and how to evaluate them Cloud security architecture: Enterprise cloud blueprint for CISOs Contact center compliance checklist for modern workforces How AI caught a malicious North Korean insider at Exabeam Watch your words: Tim Brown's advice for CISOs News brief: U.S. absence at RSAC sparks leadership concerns Network security management challenges and best practices 10 enterprise secure remote access best practices
How to roll out an enterprise passkey deployment
2026-04-15 · via Search Security Resources and Information from TechTarget

CISOs know that the human element can be the weakest link in an enterprise's cybersecurity defenses, often surfacing when end users create weak passwords that threat actors easily crack. Seeking a stronger alternative, security teams are increasingly turning to passkeys.

Unlike passwords, which end users create, passkeys are digitally generated cryptographic credentials that work as part of an identity and access management (IAM) strategy. Passkeys use biometrics and are stored on a device -- such as a phone -- or as a hardware token. Passkeys don't communicate through a server; they are validated through authentication services.

Passwords vs. passkeys: A safer option

Beyond providing an alternative to weak passwords, passkeys that use biometrics or device-based cryptographic keys are significantly harder to capture through social engineering tactics such as phishing.

Offering options such as fingerprint access and device PINs, passkeys streamline logins and avoid the extra steps required by many security tools. Even as they enhance access security, passkeys keep the login process simple. Users don't have to remember complicated passwords or navigate constant password changes.

Through the use of digital authentication, passkeys are an effective option to eliminate the inherent weaknesses -- in terms of both security and ease of use -- of passwords.

The rise of enterprise passkeys

A FIDO Alliance survey of 400 security decision-makers found that 87% of companies are implementing passkeys.

One driving force behind the transition is the increased emphasis on a zero-trust security approach, in which entities are denied access to enterprise resources until authenticated and verified.

Another reason passkeys are becoming more popular is that enterprises are under constant pressure to meet regulatory requirements and strengthen digital identity security. Passkeys provide stringent access controls and the audit trails necessary to prove compliance.

Most advanced identity management systems work with passkey technology, including mobile authenticators and biometric scanners. This provides another verification point, vital for organizations using mobile and cloud platforms, while requiring stronger controls than conventional passwords offer. Passkeys also often work with MFA that requires, at minimum, two forms of authentication to access enterprise resources.

Mapping a successful passkey deployment

Security decision-makers must choose whether to deploy enterprise or consumer passkeys, or both.

Enterprise passkeys are typically used for internal employees, contractors and partners who need access to confidential or high-value resources. It is crucial that enterprise passkeys work with existing infrastructure and policies, including single sign-on, management tools, corporate devices and policy enforcement.

Consumer passkeys are primarily for external users, including customers and subscribers. Internal end users might also need consumer passkeys to access external digital platforms. Ease-of-use is a major consideration during login and password resets, but the emphasis should be on interoperability and privacy.

In a hybrid passkey environment, some internal passkey users might use consumer passkeys to access external platforms or services that require them, such as SaaS tools or collaboration platforms. Seamless integration between enterprise and consumer systems can simplify UX and enhance security.

Planning a phased rollout

CISOs should consider a phased approach to passkey deployment. Pilot the implementation with a small group to measure UX and validate the technical setup. Follow with a broader rollout, extending passkeys to other groups while continuing to track UX and confirming passkey security.

Start with higher risk groups -- executives, IT administrators and personnel with access to sensitive systems -- before rolling out passkeys to all employees.

If contractors and third-party partners need to access enterprise resources, whether using a corporate-issued or personal device, consider more stringent and granular passkey policies.

For customers and subscribers, assess risk profiles, geographic locations, regulatory requirements and transaction volume.

Ultimately, the result is full deployment in which passkeys are the default authentication system for everyone.

How to evaluate passkey providers

Before selecting a passkey provider, conduct an internal needs assessment that accounts for authentication requirements, user base, compliance needs, critical applications and IT infrastructure. Involve compliance teams and business leadership. Once completed, build a short list of providers based on technical requirements, support offerings and reputation. Demos, limited pilot deployments, reference accounts and reviews can all help determine which vendors make this list.

Other considerations include the following:

  • Support of industry standards, including FIDO2 and WebAuthn.
  • Strong encryption for credentials, device binding and data.
  • MFA support.
  • Streamlined integration with existing systems.
  • Passkey functionality across platforms and devices.
  • Easy migration from passwords to passkeys.
  • Compliance with privacy and data security laws.
  • Cost structure for subscription or license models.
  • Scalability as operational requirements shift.

How to deploy enterprise passkeys

As with any significant security deployment, CISOs and IT and security teams must plan for a passkey implementation.

Step 1. Review existing IAM strategy

Deployment starts with assessing current IAM technologies to assess where passkey integration makes sense. CISOs and their teams should look at access privileges and authentication methods in the context of business operations. Are privileges too broad? Are authentication processes adequate to meet regulatory requirements? What changes are needed to ensure a smooth passkey deployment? Do policies and practices align with business objectives?

Step 2. Leadership alignment

CISOs and their teams need to engage with stakeholders across lines of business to find champions and secure funding. C-level backing is key for both immediate budgetary needs and long-term security initiatives.

Step 3. Update access tools

Organizations that are not already using MFA should deploy mechanisms, such as biometrics or mobile- or hardware-based MFA, before adopting passkeys. This acclimates end users to new login processes that will be extended once passkeys are adopted. It also gives security teams the opportunity to test various authentication methods before deploying passkeys.

Step 4. Infrastructure assessment

For many organizations, managed authentication services are the right choice to automate provisioning, reset credentials and implement self-service features. CISOs and teams need to assess their infrastructure to determine the levels of data protection, endpoint encryption and device management. Re-examine data loss prevention rules to identify any required updates after passkeys are deployed.

Passkey adoption hurdles

Obstacles to successful passkey deployments on the technology side include incompatibility with legacy systems. In addition, some applications, devices and infrastructure might not work with passkeys. Upgrades can also be costly and complex. Lockouts are another issue with passkey rollouts. Teams should put backup, recovery and fallback authentication processes in place to prevent this.

CISOs might also encounter resistance from end users. Clearly communicated instructions and demonstrations, with ongoing support, can smooth the enrollment process.

The successful passkey deployment

Gauge the early success of a passkey deployment through its use. For example, monitor the percentage of eligible users enrolling a passkey.

Remember, however, that the true measure of success hinges on the IT and security benefits passkeys deliver. In time, the support desk should see a decline in password reset requests and, eventually, security teams should be able to report fewer credential-related incidents, such as phishing and account takeovers. With today's threat landscape, that makes for a safer environment to conduct business.

Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.